Operation Manual
Configuring Security, Quality, and Network Features
Setting Security Features
Cisco Small Business SPA300 Series, SPA500 Series, and WIP310 IP Phone Administration Guide 130
5
Setting Security Features
The security features ensure that calls are secure and authenticated.
Challenging SIP Initial INVITE and MWI Messages
The SIP INVITE (initial) and Message Waiting Indication (MWI) messages in a
session can be challenged by the endpoint. The challenge restricts the SIP
servers that are permitted to interact with the devices on a service provider
network. This significantly increases the security of the VoIP network by
preventing malicious attacks against the device.
To configure SIP INVITE challenge, navigate to Admin Login > advanced > Voice >
Ext_n. Under
SIP Settings in the Auth INVITE field, choose yes.
Encrypting Signaling with SIP Over TLS
Transport Layer Security (TLS) is a standard protocol for securing and
authenticating communications over the Internet. SIP Over TLS encrypts the SIP
messages between the service provider SIP proxy and the end user. SIP Over TLS
encrypts only the signaling messages, not the media. A protocol such as Secure
Real-Time Transport Protocol (SRTP) can be used to encrypt voice packets (see
Securing Voice Traffic with SRTP).
TLS has two layers:
• TLS Record Protocol--layered on a reliable transport protocol, such as SIP
or TCH, it ensures that the connection is private by using symmetric data
encryption and it ensures that the connection is reliable.
• TLS Handshake Protocol--authenticates the server and client, and
negotiates the encryption algorithm and cryptographic keys before the
application protocol transmits or receives data.
Cisco SPA IP phones use UDP as a standard for SIP transport, but they also
support SIP over TLS for added security.
To enable TLS for the phone, navigate to Admin Login > advanced > Voice >
Ext_n. Under
SIP Settings, select TLS from the SIP Transport list.
Downloaded from www.Manualslib.com manuals search engine